Issue #3416700 by catch, penyaskito, lamp5: Handle invalid compressed ajax_page_state more gracefully

core/lib/Drupal/Component/Utility/UrlHelper.php

@@ -99,16 +99,23 @@ class UrlHelper {
    *   A string as compressed by
    *   \Drupal\Component\Utility\UrlHelper::compressQueryParameter().
    *
-   * @return string|bool
-   *   The uncompressed data or FALSE on failure.
+   * @return string
+   *   The uncompressed data, or the original string if it cannot be
+   *   uncompressed.
    */
-  public static function uncompressQueryParameter(string $compressed): string|bool {
+  public static function uncompressQueryParameter(string $compressed): string {
     if (!\extension_loaded('zlib')) {
       return $compressed;
     }
     // Because this comes from user data, suppress the PHP warning that
     // gzcompress() throws if the base64-encoded string is invalid.
-    return @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed)));
+    $return = @gzuncompress(base64_decode(str_replace(['-', '_'], ['+', '/'], $compressed)));
+
+    // If we failed to uncompress the query parameter, it may be a stale link
+    // from before compression was implemented with the URL parameter
+    // uncompressed already, or it may be an incorrectly formatted URL.
+    // In either case, pass back the original string to the caller.
+    return $return === FALSE ? $compressed : $return;
   }
 
   /**

core/modules/system/src/Controller/AssetControllerBase.php

@@ -160,19 +160,22 @@ abstract class AssetControllerBase extends FileDownloadController {
     $this->themeManager->setActiveTheme($active_theme);
 
     $attached_assets = new AttachedAssets();
-    $include_string = UrlHelper::uncompressQueryParameter($request->query->get('include'));
+    $include_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('include')));
 
-    if (!$include_string) {
-      throw new BadRequestHttpException('The libraries to include are encoded incorrectly.');
-    }
-    $attached_assets->setLibraries(explode(',', $include_string));
+    $validate = function ($libraries_to_check) {
+      foreach ($libraries_to_check as $library) {
+        if (substr_count($library, '/') !== 1) {
+          throw new BadRequestHttpException('The libraries to include are encoded incorrectly.');
+        }
+      }
+    };
+    $validate($include_libraries);
+    $attached_assets->setLibraries($include_libraries);
 
     if ($request->query->has('exclude')) {
-      $exclude_string = UrlHelper::uncompressQueryParameter($request->query->get('exclude'));
-      if (!$exclude_string) {
-        throw new BadRequestHttpException('The libraries to exclude are encoded incorrectly.');
-      }
-      $attached_assets->setAlreadyLoadedLibraries(explode(',', $exclude_string));
+      $exclude_libraries = explode(',', UrlHelper::uncompressQueryParameter($request->query->get('exclude')));
+      $validate($exclude_libraries);
+      $attached_assets->setAlreadyLoadedLibraries($exclude_libraries);
     }
     $groups = $this->getGroups($attached_assets, $request);
 

core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php

@@ -129,8 +129,8 @@ class UrlHelperTest extends TestCase {
    */
   public function testUncompressInvalidString() {
     // Pass an invalid string to ::uncompressQueryParameter() and ensure it
-    // doesn't result in a PHP warning.
-    $this->assertFalse(UrlHelper::uncompressQueryParameter('llama'));
+    // returns the passed string without resulting in a PHP warning.
+    $this->assertSame('llama', UrlHelper::uncompressQueryParameter('llama'));
   }
 
   /**